slightly odd scenario. I have RequiresQuestionAndAnswer set to false because the admin needs to be able to create accounts without filling out questions and answers, he wants the user to set that part up.
So RequiresQuestionAndAnswer is false, user logs in and is prompted to set up their own security password and answer (which I've coded myself but which uses some membership methods to store the info) which is successfully stored in the DB in the aspnet_membership table just as if the user was being created with a password question and answer initially.
Then when, on the ForgotYourPassword page, when trying to use Membership.Provider.GetPassword(username,passwordanswer) it produces a password even though the password answer is wrong.
This would seem to be a fault in aspnet because setting RequiresQuestionAndAnswer to false means to me:
"I don't require this to create a user but I can still use it".
Whereas to asp.net is means:
"I don't require this to create a user and I will NEVER use it and so it will be ignored everywhere."
Anyone know how to get around this? I need to be able to confirm the provided security answer is correct and reset or get the user's password. I'm using encrypted passwords not hashed so retrieval should be possible.
As you might be discovering here, the built-in provider is somewhat limited in it's flexibility. Best way to solve this problem is to make your app generate the question and answer behind the scenes so you can get past that.